Cisco RV220W Network Security Firewall
Strengths: Very affordable, easy installation, plenty of wizard-based assistance, and good range of IPsec and SSL VPN options
Weaknesses: Web filtering is optional and doesn't perform well
Verdict: A low-cost wired and wireless security router with quality IPsec and SSL VPN support and some useful traffic prioritisation features
Cisco continues to strengthen its focus on the burgeoning SME network security market, and its latest RV220W router mixes together wired and wireless services with a good helping of IPsec plus SSL VPN features and serves them up with web content filtering.
The RV220W is a compact, solidly built unit with four Gigabit LAN ports and a separate Gigabit WAN port. Wireless support extends to 2.4GHz 802.11b/g/n or 5GHz 802.11a/n operations, but it's not a full dual-band router so you can't have both spectrums enabled at the same time.
Its low starting price looks very good value, although bear in mind the web content filtering is an optional extra. Costing around £75 for a one-year subscription, this is a cloud service provided by Trend Micro, which offers up to 80 web categories that can be individually blocked or allowed.
It's worth pointing out that although this is part of Cisco's ProtectLink Gateway security service, only the web component is available for the RV220W. Unlike Cisco's Small Business SA security appliances, neither the Trend Micro hosted anti-spam service nor endpoint security is supported by this router.
Small businesses will find initial installation very simple as you just point a web browser at the appliance's default IP address and follow the various wizards. Plenty of status information is to hand, with a graphic showing the active ports along with statistics for interface traffic, users and VPNs.
For wireless operations you can create up to four virtual access points, each with its own security settings. These are assigned a profile that defines encryption, authentication and SSID masking or broadcasting. Only global settings are provided for the operational mode, so choosing 2.4GHz or 5GHz will apply to all access point profiles.
Each access point in the table can have start and stop time periods applied that determine when they are available, and you can limit the number of clients that can associate with them. Guest access is easy to configure as enabling AP isolation on a virtual AP stops wireless users on the same SSID seeing each other.
The filtering service performed very poorly - with the games and gambling categories blocked, we were allowed through to 20 per cent of the bingo sites we attempted to access. This really isn't acceptable, and we've found that cloud content filtering services such as Commtouch and Websense are far more efficient.
If you don't want the ProtectLink web service, the router still provides some basic browsing controls. Approved and blocked URL lists can be applied globally to users, as can lists of keywords for domain names and URLs. These are implemented within the router's firewall rules, which also offer a wide range of controls for other services and traffic types. All LAN ports are grouped in a trusted zone with the WAN port on its own in an untrusted zone. The router supports a DMZ but allows only one IP address to sidestep the firewall for full exposure.
Custom firewall rules are created by specifying the inbound and outbound zones along with source and destination hosts, choosing a service from an extensive list and opting to block or allow this traffic. QoS can also be set for each rule so you can prioritise specific services.
Cisco's Traffic Meter is almost identical to that offered in Netgear routers, as you can set global limits in MB on download traffic or in both directions. Threshold reached, you can block all traffic or allow only email activity.
The Cisco RV220W is an affordable secure wired and wireless router.